Full Disclosure: Re: Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability

[Darren McDonald <athena () dmcdonald net>]

On 25 October 2011 23:36, William Reyor <opticfiber () gmail com> wrote:
> Still possible when ssl connections are enforced?
Yes, because if an attacker is able read your system's memory then
they will be able to decrypt your SSL traffic by using your symmetric
encryption keys. I call this the encryption key sidejacking attack.

Renski

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/